A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-03-21T13:29:11.532Z
Updated: 2024-09-12T19:58:18.889Z
Reserved: 2024-03-11T14:43:43.973Z
Link: CVE-2024-28834
Vulnrichment
Updated: 2024-08-02T00:56:58.323Z
NVD
Status : Awaiting Analysis
Published: 2024-03-21T14:15:07.547
Modified: 2024-09-12T20:15:04.633
Link: CVE-2024-28834
Redhat